167 matches found
CVE-2026-45277
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...
CVE-2026-45277 Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...
CVE-2026-45277
Nextcloud (Approval app) suffers information disclosure via the fileId parameter: authenticated users can determine whether arbitrary files are linked to specific approval workflows. Root cause appears to be insufficient access controls exposing workflow associations. The issue is confirmed resol...
CVE-2026-45277 Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...
PT-2026-45522
Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can request approval. This issue has been patched in version 2.7.2...
BIT-JOOMLA-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901
Lack of output escaping leads to a XSS vector in the multilingual associations component...
EUVD-2026-31882
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901
CVE-2026-25901 affects Joomla! Core — specifically the multilingual associations component. The root cause is a lack of output escaping in com_associations, which creates a reflected/XSS vector when user-supplied content is rendered. Documented impact indicates potential for script execution that...
CVE-2026-25901 Joomla! Core - [20260502] - XSS in com_associations
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-25901
Lack of output escaping leads to a XSS vector in the multilingual associations component...
PT-2026-43288
Name of the Vulnerable Software and Affected Versions Joomla CMS affected versions not specified Description Lack of output escaping in the multilingual associations component allows for a Cross-Site Scripting XSS vector. XSS is a flaw where an attacker injects malicious scripts into content...
fileId parameter reveals workflow associations in Nextcloud Approval app
None...
BIT-JOOMLA-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-21631
Lack of output escaping leads to a XSS vector in the multilingual associations component...
EUVD-2026-17857
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-21631
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-21631 Joomla! Core - [20260303] - XSS vector in com_associations comparison view
Lack of output escaping leads to a XSS vector in the multilingual associations component...
CVE-2026-21631
Lack of output escaping leads to a XSS vector in the multilingual associations component...